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Field of the Invention 

The present invention relates to electronic trans- 
actions, i.e. primarily payments , which are effected 
electronically- More specifically, the invention con- 
5 cerns electronic transactions effected while employing 
a user card, such as a cash . card, . credit card, charge 
card, or the like, said card being a so-called smart 
card. 

Background Art 

10 In recent years, the interest in electronic trans- 

' "actions "has increased significantly, especially^ concur- 
~ 3 rently with the impact : bf th¥ ;: Inte~rnet T . Security 

2 have been focused, " and ~di"f f eVeht : ■systems and standards 
::i have v been 'suggestVd to 'guarantee'" the'-s r ecuritV r irP connec- 
X 5 tion with "'electronic' -Vransmissi^ 

sagei. 1 A matter that : has '-attracted of interest is 

how to protect/ for 'instance*", * : -credit "card numbers trans- 
mitted via the Internet in connection with Internet shop- 
ping. What the systems. and standards proposed have in 
20 common is that they are "based either on the condition 

that sensitive information that may be misused, for in- 
stance a credit card number, is not to be transmitted via 
the communications network, or on the condition that such 
sensitive information is to be transmitted in encrypted 
25 form. In both alternatives, the relatively complicated 
administrative routines and system configurations etc. 
are focused, which, as will be appreciated, results in 
restrictions and obstacles to a more general use. 
Objects of the Invention 
30 A main object of the present invention is to faci- 

litate electronic transactions in a simplified fashion 
while maintaining full security. 

A further object is to facilitate different kinds 
of electronic transactions within the scope of the same 
35 basic concept. 
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One more object is to facilitate electronic trans- 
actions independently of the choice of information trans- 
fer channel for the used transaction message. 

A still further object -is to facilitate electronic 
5 transactions which basically do not require transmission 
of the used transaction message through a reliable infor- 
mation transfer channel. 

Summary of the Invention 

The above-mentioned objects are achieved by the 
10 inventive features that are stated in the accompanying 
claims. 

: -The invention thus is based on an insight of the 

... -..--advantage of using -special transaction messages .which, 
: ;^..:i nde P enc i en tly - and .under the oiser ' s ; jf ull control, are 
^15 ^ - created by . a user and. which are of . such nature ^.that they 
- ir:n can have . been , created by r the user ^only, „they v cannot have 
- , been tampered with while being ..transferred to , a ...receiver 
~ . or addressee without such tampering being easily recog- 
nised (authentication) ,and can .easily ,fc>e .validated after 
20 transfer for the purpose of finalising the desired trans- 
action. According to the invention, the sender uses a 
unique smart card assigned to him, with. a private key 
stored therein (whose public equivalence in an asymmetriy 
cal cryptographic system is generally available) in order 
25 to provide a transaction message created by the sender 
with a digital signature which is unique to the sender, 
whereupon the signed transaction message can be trans- 
ferred in an arbitrary manner. 

Only a lawful user of the smart card can activate 
30 this to be signed, thereby satisfying a basic identity 

requirement. The digital signature further entails a data 
lock: which prevents the message from being tampered with 
without this being recognised in a subsequent authentica- 
tion by using the generally available public key, which 
35 belongs to the user. The user's independent creating of 
the transaction message means full control of the con- 
tents of the message. The invention thus requires that 
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sensitive information, such as a card number, in the 
transmitted transaction message be connected to a digital 
signature to make the information at issue usable. With- 
out connection to a digital signature, the information 
5 thus is basically of no value and consequently cannot 
be misused for false network transactions, even if the 
information could be caught by a person not concerned in 
connection with a transmission of the transaction mes- 
sage. Basically, it is irrelevant how the transmission 
10 takes place. This means an approach which is completely 
opposite to today's striving for the provision of spe- 
cial, reliable, i.e. encrypted, communication systems for 
transmitting transaction messages " via e . g': the Internet . 
~ ~" : " "it is preferred "that a' transaction message ' according 
15 " to ' the invention contains "information * on sender", 'trans- 
~ " ~ Vctiori amodnt. arid receiver and preferably a variable 
-'""''"piece of information, such as a serial "number: 

- " According to "the invention," the 'user thus creates 
"what "can be said to be a signed ' "electronic cheque" , 
20 which can be transmitted in an -arbitrary manner and at 
an arbitrary point of time to an addressee or receiver. 

Upon receipt, a transaction message according to the 
invention can be checked for authenticity by checking the 
digital signature, whereupon validation and charging or 
25 crediting the receiver with the transaction amount at 
issue can take place in an arbitrary, suitable manner, 
suitably according to the same principles as apply to the 
cashing of an ordinary cheque or to clearing in connec- 
tion with a card purchase. 
30 According to the invention, the transmitted, signed 

transaction message may contain the required transaction 
information as plain text, in which case the digital sig- 
nature can, in a manner known per se, be provided on the 
basis of a condensate of the message information. This 
35 means that the subsequent authentication, validation and 
crediting on the receiver side will be facilitated since 
the required information is immediately available, such 



WO 98/52151 



PCT/SE98/00897 



as information on sender, which makes it easy to fetch 
the correct public key for authentication of the digital 
signature. 

If the digital signature is effected on the entire 
5 transaction message such that this is transmitted in 

encrypted form, the transmitted transaction message can 
be provided with special sender information which makes 
it possible on the receiver side to fetch the correct 
public key for authentication and conversion of the 
10 transaction message into plain text. 

According to the invention, the transaction message 
.may contain sender information of an arbitrary, suitable 
. kind, _such^as at .least Jqne of the following ^pieces of 
^information: a card number, a cash .card number, a charge 
15 „card number, ..a . credit card number, an account ^number, r an 
, - ..invoice number.-, and an ID number • , If the _ smart .card uti- 
lised according to the invention _,is_a ^card connected to 
an account , , such as .a ..credit .card,, it .may be preferred 
to . use the .associated .card number ^as i^sender inf formation. 
20 As those skilled in ..the . art realise, it is however pos- 
sible to use any kind of information, which on the re- 
ceiver side can easily be connected to a user identity 
and, consequently, to an associated account which is to 
be charged. 

25 For the receiver information, basically the same 

applies* For instance, at least one of the following 
pieces of information may be involved: a card number, 
a cash card number, a charge card number, a credit card 
number, an account number, an invoice number and an ID 

30 number. Also in this case, it is sufficient that the 
information on the receiver side can be unambiguously 
related to a receiver of payment. It should be noted that 
transferring a transaction amount to a receiver need not 
entail the crediting of a receiver account, but it may 

35 also imply that e.g. an administrative unit receiving the 
transaction message, after authentication and validation,. 
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.: charges a sender account and sends to the receiver what 
may be considered a check or :a postal order. 

As described above, an essential feature of the pre- 
sent invention is that the sender, i.e. the user of the 
5 smart card, creates and signs the transaction message 

under his own control, i.e. basically independently of a 
connection to a communications network and of a computer 
dialogue with a receiver, although such a dialogue of 
course may take place in ..connection with the transmission 
10 of a signed transaction message. Consequently the trans- 
: action message is created -preferably without connection 
, to the communications network or .off-line.- This means 
i that the :sender :fully -.controls .-.which ;data <:are -input for 
: creating of -the ..transaction -message As iwill be :appre- 
15 ciated, the signing scan :be -carried ;:out ronly iby cthe sender 
: ::j;::since in -the mormal icase :he :;is ^the ::only :6ne to be able 
:;;:to .activate :his ."smart -card .-.and -to ^.release r.the asigning. 
: .Regarding ;the transmission orlhanding over ofothe signed 
- transmission message ..there ;are, . however, rno Restrictions, 
20 as .will ^be .quite easily -appreciated. For example, the 

user or some person assisting him may take the smart card 
with the signed transaction message present therein to 
send the message later, to send the. message from some 
other place etc, that is to say there is a great freedom 
25 of choice. The signed transaction message could also be 
transferred to special intermediate materials or a 
transport medium to be transmitted to a receiver and/or 
addressee . 

According to the invention, it is advantageous that 
30 the transaction message is created in the smart card. The 
transaction message may suitably be created by means of 
the software inserted in the smart card in advance and 
sender information preferably inserted in the card in 
advance, e.g. a card number. Suitably a new serial num- 
35 ber is automatically created for, each transaction mes- 
sage. The input of the necessary message information in 
the card may be carried out in different ways, for in- 
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- stance with the aid of -the input means arranged on the 
smart card, the card advantageously consisting of a so- 
called advanced smart card. Information that is required 
for the transaction message can also be input with the 

5 aid of a protected card terminal, which advantageously 
may consist of the user's own terminal or computer pro- 
vided with a card reader. Information that is necessary 
for the transaction message can also be input by means 
of a separate card communication unit, the latter prefer- 
10 ably later also serving as card activator. Such a unit 

- can advantageously be designed as a small portable unit, 
which the user may take ralong and which ;is utilised by 

: X: - .the user :when he wants ;to activate rhis icard and/or input 
- -^v- 7-7 ^information in the card iin '.surroundings where ^no protect- 
15 : -"ed card 'terminal lis ^available : li zr.r ~ ; 

' Information -which :iis ^required rfor':the transaction 
• message vcan also be ~inputrby -means iof -r-a -telecommunica- 

; '.; tions unit controlled by -the rsmart card," --.especially a 

mobile -telecommunications .unit/ osuch -":as "-a mobile tele- 
20 phone device. In this ^context, the ..unit :may :also be used 
to transfer the signed transaction message, for instance 

- by using -a so-called SMS-type service. - 

The man skilled in the art realises that it is also 
possible to create the actual transaction message outside 
25 the smart card by using, for instance, one of the above- 
mentioned information input means. The created trans- 
action message is then input in the smart card to be 
signed . 

According to a first aspect of the present inven- 
30 tion, a method is provided for carrying out electronic 
transactions, in which a sender of transaction messages 
is assigned a smart card with an associated unique iden- 
tity and a private key stored in the card in a protected 
manner, and in which an associated public key is kept 
35 generally available, said method being characterised in 
that in connection with an electronic transaction under 
the sender's own control, preferably through his own 
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-input of message information, the sender creates a trans- 
action message, which contains information necessary for 
the transaction, and, In his smart card, provides the 
created transaction message with his digital ' signature 
5 while using his own private key for the purpose of subse- 
quent output and transmission of the transaction message. 

According to a second aspect . of . the present inven- 
tion, a smart card is provided for carrying out electro- 
nic transactions, said card ^comprising means for storing 
10 of card identification information, means for protected 

storing -of a private key, means for storing of an asymme- 
trical-algorithm, means for input. of- transaction informa- 
tion into the card, /processor .means ' :for. -creating in the 
: ' :card a transaction .'message based on input "transaction 
- 15 "^information, "such :as information ..on .amount rand -receiver, 
O * ~* and optionally -information -stored :in:cthe -card/-csuch as 
- v ^information on 'sender ::and ^preferably 3a serial number, and 
7 for providing vthe ..transaction -message .with ~a .digital sig- 

"nature :on 'the "basis 'of .said private Ocey :and said asymme- 
20 trical algorithm, and means for output of :the .signed 
transaction message/ - 

According to a third aspect of the present inven- 
tion, a combination is provided of a smart card and a 
user-controlled communication unit, which is arranged for 
2 5 communication with the smart card and with which the card 
is adapted to be combined with a view to producing an 
electronic transaction message, the card comprising means 
for protected storing of a private key, means for storing 
of an asymmetrical algorithm and processor means for pro- 
30 viding a created transaction message with a digital sig- 
nature based on said private key and said algorithm, and 
said communication unit comprising means for input of 
transaction information, and means being arranged in the 
communication unit and/or in the card for producing said 
35 transaction message. 

A fourth aspect of the present invention involves 
use of a smart card with a private key stored therein and 
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asymmetrical cryptographic algorithm for. providing in the 
card; independently of the communications network, an 
electronic transaction message provided with a digital 
signature based on the private key. 
5 Additional aspects of distinctive features of the 

invention will appear from the following detailed de- 
scription of various embodiments with reference to the 
■ > - accompanying drawings. „ 

Brief Description of the Drawings : . 
10 Fig. 1 is a schematic illustration of an example of 

the carrying out of electronic transactions by using an 
open network, such as the Internet, :in accordance with an 
: ■:: embodiment of ..the; present invention.-;* .-_>-.-_ ; ::■ 
-z^.. : z r:. Fig. : 2. is a schematic -illustration .of the -same kind 

•"15^.- as -in .Fig ."I,-, .exemplifying alternative ;.ways of ^carrying 
dz - out electronic transactions ^according -to ;the ^invention . 
, -':~-:lr.:::: 1 -s Fig . 3 is a schematic -illustration -of :an example of 
7 . : the carrying : out of .electronic .transactions by ;using a 

shop card terminal, according to „a ^different ;embodiment 
20 of the present invention. ; ■ ; - : . - . : i . 

Fig. 4 is a schematic illustration of the same kind 
as in Fig. 3 of another example of the carrying out of 
electronic transactions by using a shop card terminal, 
according to the present invention. . - - 
25 Fig. 5 is a schematic illustration of an example of 

the carrying out of electronic transactions by using a 
mobile telephone system, according to one more embodiment 
of the present invention. 

Fig. 6 is a schematic illustration of an example of 
30 the carrying out of electronic transactions by using an 

open network for direct contact with a bank, according to 
another embodiment of the present invention. . 

Fig. 7 is a schematic illustration of examples show- 
ing how an advanced smart card can be used to carry out 
35 electronic transactions in accordance with the present 
invention. : * " - . ; 
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Description of Embodiments - 
Fig- 1 - illustrates schematically a first embodiment 
of the invention, which can be used for credit card pay- 
. ment via an open network, such as the Internet, between 
5 a sender and a receiver included in a network. The sender 
has access to a smart card 1 and a computer 3 which is 
. provided with a suitable card reader (indicated at 2), 
and which typically can be a home computer and is con- 
- nected to the Internet 5. A network, server 7 is connected 
10 - to the network .5 and to various credit card administra- 
tors 8 and 9 included in the network.. The latter are in 
: conventional manner connected -to ^each -.other and to 
various institutions .^keeping ^accounts ,;. : such . as .banks 10, 
~: il. -In the present example,, - ; the .sender, is -supposed to 
- 15 /r have .an racc.ount in -the -bank ^10 ^and a -credit -card admi- 
:> : _ nistered .by ithe administrator. -:8 , : L while \the x re,QejLyer 12 
v-: = v:-has an .account d.n -the .bank r: ll-. .-and : a . credit ^card adminis- 
tered by :the -administrator =9..- zs:\r c,:iy-. . i; ■: .v.- 

A trusted third party (TTP). :13.. : is . .network _admini- 
20. strator and responsible -f or the -necessary handling of 
keys. TTP 13 thus assigns to each user , his private key 
which is stored in a protected manner in the. user's card 
1, and keeps a catalogue 15 available, from which the 
public key of each user . can be collected. 
25 The user's smart card 1, which also has a conven- 

tional credit card function, contains in a known manner 
memory and processor means in the form of one or more 
integrated circuits (indicated at 17), as well as con- 
ventional means for enabling communication between the 
30 card and a card reader when the card is placed in the 
latter . 

In addition to the above-mentioned private key, said 
memory and processor means contain a cryptographic algo- 
rithm of an asymmetrical type, which can be a DES algo- 
35 rithm, and software for effecting the ..signing -of a trans- 
action message based on the private key and said crypto- . 
graphic algorithm. The smart card 1 is activated in an 
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arbitrary, suitable manner for instance by means of a 
■ PIN input in the card, or biometrically . 

When performing a transaction, the card 1 is placed 
in the card reader 17 of the computer 3 and the card 
-5 is activated if this has not already been done. A trans- 
action message can now be created in the smart card 1 
and/or in the computer 3. If the creation takes place 
exclusively in the card, which from the viewpoint of 
security may be preferred, the card also contains soft- 

10 ware that is suitable for this purpose. In this case, the 
required information for the transaction message (espe- 
cially regarding amount and receiver) is -input via the 
keyboard of the computer 3 ^into the card. v. 

: :■ - ^ If the actual -transaction message :is created in 

15 the computer, this has been "provided :with rthe software 
: required "for -this purpose,^ -which is -suitably ..supplied to 
- : the user -in connection - with ^the rissuance iof cthe .-smart 
card. Also in this case, -message ^information vis dLnput 

- via the keyboard. -i'lT 1 v : "- s-: ^ : ; /. 

20 It is advantageous to use as sender information .a 

card identification, such as the number of the smart 
card, which is automatically supplied by the card as the 
transaction message is being created. As receiver infor- 
mation the card number of the receiver can advantageously 

25 be input. 

After creating the transaction message, it should be 
provided with a serial number and signed, which, as men- 
tioned above, is effected in the card. If the actual mes- 
sage has been created in the card, it may be desirable, 

30 - with a view to restricting the software that must be 

available in the card, to effect the digital signature on 
the actual message, whereby the message obtains the form 
of cryptographic text. The signed message which is then 
transferred must be able to supply information on the 

35 sender, thereby making it possible to collect the public 
key necessary for authentication, as will be described 
below. Especially if the transaction message is created 
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in the sender's own protected computer, it may be suit- 
able to generate the digital signature on a condensate of 
the actual message, which will be available as plain text 
and also can be transmitted as plain text. 
5 The signed transaction message can now advantageous- 

ly be given the form of e-mail and then be transmitted 
via the network 5 to the network server .7. 

If the transaction message is available as plain 
text, the server 7 can, based on the information in the 
10 transaction message, directly send the signed message 
either to the sender ' s -or the receiver Is card admini- 
strator 8, 9, respectively, for . the ..purposes -of authenti- 
" cation "and, if authenticity -.has :been ^established, subse- 
quent validation, charging -the sender ^and crediting the 
15 : sender : with rthe transaction amount ^involved, swhile apply- 

. ing -a "isuitable ^clearing -procedure ev^:: ;*o:: 

■ - The Authentication ;means othat;":f or .instance, the 

- sender's -card administrator -fetches »the sender \s public 
- key from a -key catalogue of .:his .own ..or the catalogue 15 
20 of TTP 13 and, by . means : thereof and of the cryptographic 
algorithm involved, checks the digital signature of the 
message . 

If the message received by the server is not avail- 
able as plain text, the server 7 fetches from the cata- 

25 logue 15 the public key belonging to the sender who can 
be identified by the received, signed transaction mes- 
sage, e.g. on the basis of special sender information 
such as a network identity or Internet identity. After 
conventional decrypting of the message by using the 

30 fetched public key, the server 7 has access to the infor- 
mation of the message as plain text and can send the mes- 
sage on for authentication etc, as mentioned above. 

One more alternative is to provide the message sent 
on the network 5 with a stated address of the authorised 

35 card administrator, for instance 8, \ such that the server 
can directly direct the message to him for continued pro-- 
cessing as described above. If the signed message is not 
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available as plain text , . the received message must also 
in this case provide such information that the correct 
public key can be fetched for authentication and decryp- 
tion of the actual message. 
5 Fig. 2 illustrates schematically a second embodiment 

of the invention, which uses basically the same configu- 
ration as in Fig. 1, although the transaction message 
from the .sender is transmitted directly to a receiver's 
computer 21 via the network : 5. The receiver sends the 
10 message on, which can .be carried out via the network to 

the server 7, as -indicated by the arrow .23,. : or ;by some 
-V, ..; "other -route as indicated -:by ..the :arrow 25 .-„■.- ^ : 

= ;In :this embodiment , ;it .may .be iconyenient ^that the 
~. ' "actual message is available ,ias plain :~text,- such pthat the 
15 " ^receiver - can :see ' the information therein ...even -if he, does 
not have immediate ;access ;.to :the -sender Is ;>public key for 
■:" .authentication ;or .^decryption :oi ithe -.digital signature . If 
• -r needed, -the signed message can ^howeyeribe encrypted by 
, :the . sender rwith a public - key ..belonging -to ;the /receiver, 
20 - in which case the receiver upon receipt decrypts the mes- 
sage by. using his own private key and the associated 
cryptographic algorithm and then forwards the decrypted, 
but still signed message. 

In case of a transport route 25 other than the net- 
25 work 5, it may be advantageous to use intermediate mate- 
rials, for instance a disk (indicated at 26) , which in 
some suitable and reliable manner, the receiver hands 
over to his card administrator or bank for continued pro- 
cessing in accordance with that described above. It will 
30 be appreciated that the receiver can collect a number of 
received transaction messages on such intermediate mate- 
rials before taking steps for the continued processing. 

Fig. 3 illustrates schematically an embodiment of 
the invention which is suited for transactions via a 
35 foreign "terminal" 31 and which uses a user-controlled 
portable unit 33 for creating a transaction message. 
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The 'unit 33 consists of a combined activator and 
information inputting means for the smart card. The unit 
33 is in a suitable manner arranged for communication 
with the card 1, for instance by comprising an integrated 
5 card reader, into which the card is. inserted. The unit 33 
further has a keyboard and a display. 

When paying in e.g. a shop, the card is inserted in 
the unit 33 and activated, - for instance, \ by inputting a 
PIN code by means of -the keyboard of the ..unit. By means 
10 of the keyboard, the -necessary payment information is 
also input, such as amount and receiver. ,If the trans- 
" action message is both^created and. signed in:the actual 
card, the -actual [information: will ^be vtransf erred to the 
- . card.-" If : the actual message :and optionally ra condensate 
15 thereof " are : to be created? in Ithe unit 133; for : the purposes 
• -of transferring to > and -sighing : in : the^card:>l> -the unit is 
; _ r\. provided - with ' processor! means : and ; the .software required 
r-.z': "fbr-"this purpo'se. r- r. ~ : : - .; : ■ : .•• j 3 ^^.;' r ;^ :l;i:, . 

The card with: the signed transaction message is now 
20 removed from" the - unit 33 and inserted into the shop's 

reader/terminal 31, from which the message is transmitted 
for continued processing in the same manner as described 
above. Accepted authentication and validation may suit- 
ably result in a receipt being sent back- to the terminal. 
25 It will be appreciated that the terminal 31 couid, 

of course, communicate with the server 7 in some other 
manner than via the network 5, for instance via a pro- 
tected connection. 

Fig. 4 illustrates a variant of the embodiment shown 
30 in Fig. 3. The unit 33 in Fig. 3 is replaced by a pro- 
tected, preferably off-line computer or terminal 43, 
which can be arranged in, for instance, a shop and per- 
mits off-line, secure creation of a transaction message 
in a way similar to that described in connection with 
35 Fig. 3, for the purposes of input in a .shop card terminal 
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Fig. ..5 illustrates an embodiment of the present 
... invention which involves the use of a mobile telephone 
device 51 and an associated mobile telephone network 55, 
The mobile telephone device comprises, in addition to a 
5 mobile telephone function, also such an activating and 
input function as .described in connection with the unit 
33 in Fig. 3. The mobile telephone function is preferably 
* also controlled by the smart card. . . 

With the aid of the telephone function, the signed 
10 transaction message is transmitted „to a unit or central 
- unit 57, which effects continued processing of the trans- 
action message, for -instance, in . accordance , with that de- 
: :" scribed in connection ; with the;, preceding ? Figures . 
*..i.v-"C ..The -transmission rof i the transaction : message can ad- 
-15 • vantageously take tplace;. while . using a > so-called SMS rser- 
- -n: => vice - or • the . like i of : the ; mobile ;. telephone z network . 

t : : . - c The unit - 57. could >also be ; a -special- central unit, 
which after authentication etc. effects payments based 
on the received .transaction messages, 
20 Fig. .. 6 illustrates an embodiment : of the present 

invention which advantageously can be used to, effect 
• payment orders. At a sender's, i.e. payer's place, signed 
transaction messages are created as described, in this 
case exemplified with the same method as in- Fig. 1- The 
25 transaction message is transmitted to the sender 1 s bank 
10 keeping the account, which in a catalogue 60 has 
access to the sender's public key. It will be appreciated 
that the bank could be card issuer and key administrator 
and that the sender information in the transaction mes- 
30 sage can suitably consist of the sender's bank account 
number . 

Upon receipt of a transaction message and authenti- 
cation thereof, the sender's bank 10 provides for, by a 
clearing procedure, the payee, who is identified in the 
35 transaction message suitably by the associated bank 

account number, being credited with the amount at issue, 
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i.e. the receiver's account in the receiver's bank 11 
being credited with "the amount at issue. 

Another alternative possibility is that the sender's 
bank 10 sends a delivery order directly to the receiver 
5 12 based on, for instance, receiver information in the 
transaction message. This alternative is indicated by 
means of the dashed line 62 in Fig. 6. 

In the embodiment according to Fig. 6 it .may be con- 
venient to encrypt the transmitted, signed transaction 
10 message, thereby increasing the security. The sender then 
uses the public key of the bank 10 and preferably the 
: --same cryptographic algorithm as : is : used for signing . As 
v.' will be- "appreciated, ~ the bank .10 can ^immediately .carry 

^ out decryption .-by using :its ^private key .. j:: o a : 
15-- :. :-If the bank -10 is \ administrator .of : the -sender \s pair 
bar. of :keys,' i.e.- has- both -the .public ; key;- and : the;, private key 
belonging :to -the /sender, -.the render .can: alternatively 
carry out the encryption of .-the signed message with the 
: aid ,of his public ^key. .The .bank .10 can then -decrypt the 
20 transmitted message by -using -the sender's private key, 
which is collected from a catalogue, before authentica- 
tion is carried out by using the sender's public key. 

Finally, Fig. 7 illustrates schematically the use 
of a so-called advanced smart cart in connection with the 
25 invention. The advanced smart card 71 also has a keyboard 
and a display, which allows that a signed transaction 
message can be created in the card completely without 
external aids. Subsequently the card can be inserted into 
e.g. a computer or a terminal for the purposes of for- 
30 warding the message and continued processing in accor- 
dance with that described above. 

Although the invention has been illustrated by a 
number of embodiments, the invention is of course not 
restricted thereto, and changes and modifications are 
35 feasible within the .scope of the appended claims. Thus, 
individual features from the various embodiments may 
be brought together in new combinations within the scope 
of the inventive idea. 



